Information Security Policy

All parts of Tooth Fairy Healthcare LTD are responsible for making sure that information is protected adequately in accordance with the Policy and Standards. 

Tooth Fairy Healthcare LTD recognises the sensitive nature of the information that the organisation holds and processes and the serious potential harm that could be caused by security incidents affecting this information. 

Tooth Fairy Healthcare LTD will therefore give the highest priority to information security. This will mean that security matters will be considered as a high priority in making any business decisions. This will help ensure that Tooth Fairy Healthcare LTD will allocate sufficient human, technical and financial resources to information security management, and will take appropriate action in response to all violations of Security Policy.

The measures and controls detailed in this policy details the intention of Tooth Fairy Healthcare LTD to comply with the ISO27001.  It does not provide a summary of the current state of security controls in place at any given time. This document will be reviewed and updated by Management on an annual basis or when relevant to include newly developed security standards into the policy and distribute it all employees and contracts as applicable.

Tooth Fairy Healthcare LTD commits to respecting the privacy of all its customers and to protecting any data about customers from outside parties. To this Tooth Fairy Healthcare LTD are committed to maintaining a secure environment. 

The Policy and Standards will be available, as the correct up to date version, online in secure folders to all staff.

The importance of information security

Information can be defined as useful data for a particular analysis, decision or task. Information must always be protected appropriately irrespective of how it is stored, presented or communicated. 

The main aims of information security are to preserve:

Confidentiality: ensuring that information is accessible only to those who are authorised to have access. 
Integrity: safeguarding the accuracy and completeness of information and processing methods. 
Availability: ensuring that only authorised users have access to information when needed.

It also aims to support the requirements of: 

Accountability: accounting for the actions of individuals by monitoring their activities. 
Non-Repudiation: legally acceptable assurance that transmitted information has been issued from and received by the correct, appropriately authorised, individuals.